Ahmed Baha Eddine Alimi - B23-SD-01 [Lab07 + Bonus Task]

ansible/docs/LAB05.md

@@ -2,7 +2,7 @@
 
 ## 1. Architecture Overview
 
-**Ansible Version:** 2.10.8
+**Ansible Version:** 2.17.14
 **Target VM OS:** Ubuntu 22.04 LTS (jammy64)
 **Control Node:** Same VM (Ansible runs on the VM and targets itself via `ansible_connection=local`)
 
@@ -260,7 +260,7 @@ Any secret stored in plain text in a Git repository is effectively public, even
 ## 7. Challenges
 
 - **WSL2 disk space:** The WSL2 Alpine distro had only 136MB disk space, not enough to install Ansible. Solved by installing Ansible directly on the Vagrant VM and running it against localhost.
-- **Docker login module:** `community.general.docker_login` failed in Ansible 2.10. Solved by using a `shell` task with `docker login --password-stdin` instead.
+- **Docker login module:** `community.general.docker_login` failed. Solved by using a `shell` task with `docker login --password-stdin` instead.
 - **group_vars not loading with become:** Vault-encrypted `group_vars/all.yml` variables were not accessible when `become: yes` was set at the play level. Solved by passing variables explicitly with `-e @group_vars/all.yml` and setting `become: no` in the deploy playbook.
 - **App port:** The application runs on port 8000 (FastAPI/Uvicorn), not 5000 as initially assumed. Discovered via `docker logs` and corrected in the vault variables and port mapping.
 

ansible/docs/LAB06.md

@@ -622,7 +622,7 @@ Both `ansible-deploy.yml` and `ansible-deploy-bonus.yml` show green in GitHub Ac
 ## Summary
 
 ### Technologies Used
-- Ansible 2.10.8 on Ubuntu 22.04 (Vagrant VM, `ansible_connection=local`)
+- Ansible 2.17.14 on Ubuntu 22.04 (Vagrant VM, `ansible_connection=local`)
 - Docker Compose v2 plugin (`docker compose` not `docker-compose`)
 - GitHub Actions with self-hosted runner on the Vagrant VM
 - Jinja2 templating for docker-compose.yml generation

ansible/playbooks/deploy-monitoring.yml

@@ -0,0 +1,7 @@
+---
+- name: Deploy Monitoring Stack
+  hosts: all
+  gather_facts: true
+
+  roles:
+    - role: monitoring

ansible/roles/monitoring/defaults/main.yml

@@ -0,0 +1,31 @@
+# Service versions
+loki_version: "3.0.0"
+promtail_version: "3.0.0"
+grafana_version: "12.3.1"
+
+# Ports
+loki_port: 3100
+promtail_port: 9080
+grafana_port: 3000
+
+# Retention
+loki_retention_period: "168h"
+
+# Grafana credentials
+grafana_admin_user: "admin"
+grafana_admin_password: "admin123"
+
+# Deployment directory
+monitoring_dir: "/opt/monitoring"
+
+# Schema
+loki_schema_version: "v13"
+loki_schema_from: "2024-01-01"
+
+# Resource limits
+loki_memory_limit: "1g"
+loki_cpu_limit: "1.0"
+promtail_memory_limit: "256m"
+promtail_cpu_limit: "0.5"
+grafana_memory_limit: "512m"
+grafana_cpu_limit: "1.0"

ansible/roles/monitoring/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Restart monitoring stack
+  become: true
+  community.docker.docker_compose_v2:
+    project_src: "{{ monitoring_dir }}"
+    state: present
+    remove_orphans: true
+    recreate: always

ansible/roles/monitoring/meta/main.yml

@@ -0,0 +1,8 @@
+galaxy_info:
+  author: 3llimi
+  description: Deploys Loki, Promtail, and Grafana monitoring stack
+  license: MIT
+  min_ansible_version: "2.16"
+
+dependencies:
+  - role: docker

ansible/roles/monitoring/tasks/deploy.yml

@@ -0,0 +1,56 @@
+---
+- name: Deploy monitoring stack with Docker Compose
+  become: true
+  tags: [monitoring, monitoring_deploy]
+  block:
+    - name: Deploy monitoring stack
+      community.docker.docker_compose_v2:
+        project_src: "{{ monitoring_dir }}"
+        state: present
+        remove_orphans: true
+      register: compose_result
+
+    - name: Wait for Loki to be ready
+      ansible.builtin.uri:
+        url: "http://localhost:{{ loki_port }}/ready"
+        status_code: 200
+      register: loki_ready
+      retries: 12
+      delay: 10
+      until: loki_ready.status == 200
+
+    - name: Wait for Grafana to be ready
+      ansible.builtin.uri:
+        url: "http://localhost:{{ grafana_port }}/api/health"
+        status_code: 200
+      register: grafana_ready
+      retries: 12
+      delay: 10
+      until: grafana_ready.status == 200
+
+    - name: Report deployment success
+      ansible.builtin.debug:
+        msg: "Monitoring stack deployed — Grafana at http://localhost:{{ grafana_port }}"
+
+  rescue:
+    - name: Show container logs on failure
+      ansible.builtin.command: >
+        docker compose -f {{ monitoring_dir }}/docker-compose.yml logs --tail=20
+      changed_when: false
+      failed_when: false
+      register: compose_logs
+
+    - name: Print container logs
+      ansible.builtin.debug:
+        msg: "{{ compose_logs.stdout_lines }}"
+
+  always:
+    - name: Show running containers
+      ansible.builtin.command: docker compose -f {{ monitoring_dir }}/docker-compose.yml ps
+      changed_when: false
+      failed_when: false
+      register: compose_ps
+
+    - name: Print container status
+      ansible.builtin.debug:
+        msg: "{{ compose_ps.stdout_lines }}"

ansible/roles/monitoring/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Setup monitoring directories and configs
+  ansible.builtin.include_tasks: setup.yml
+  tags: [monitoring, monitoring_setup]
+
+- name: Deploy monitoring stack
+  ansible.builtin.include_tasks: deploy.yml
+  tags: [monitoring, monitoring_deploy]

ansible/roles/monitoring/tasks/setup.yml

@@ -0,0 +1,51 @@
+---
+- name: Setup monitoring directories and configuration files
+  become: true
+  tags: [monitoring, monitoring_setup]
+  block:
+    - name: Create monitoring directory structure
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: "0755"
+      loop:
+        - "{{ monitoring_dir }}"
+        - "{{ monitoring_dir }}/loki"
+        - "{{ monitoring_dir }}/promtail"
+
+    - name: Template Loki configuration
+      ansible.builtin.template:
+        src: loki-config.yml.j2
+        dest: "{{ monitoring_dir }}/loki/config.yml"
+        mode: "0644"
+      notify: Restart monitoring stack
+
+    - name: Template Promtail configuration
+      ansible.builtin.template:
+        src: promtail-config.yml.j2
+        dest: "{{ monitoring_dir }}/promtail/config.yml"
+        mode: "0644"
+      notify: Restart monitoring stack
+
+    - name: Template Docker Compose file
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ monitoring_dir }}/docker-compose.yml"
+        mode: "0644"
+      notify: Restart monitoring stack
+
+  rescue:
+    - name: Report setup failure
+      ansible.builtin.debug:
+        msg: "Failed to set up monitoring configuration. Check directory permissions."
+
+  always:
+    - name: List monitoring directory
+      ansible.builtin.command: ls -la {{ monitoring_dir }}
+      changed_when: false
+      failed_when: false
+      register: monitoring_dir_contents
+
+    - name: Show monitoring directory contents
+      ansible.builtin.debug:
+        msg: "{{ monitoring_dir_contents.stdout_lines }}"

ansible/roles/monitoring/templates/docker-compose.yml.j2

@@ -0,0 +1,82 @@
+networks:
+  logging:
+    driver: bridge
+
+volumes:
+  loki-data:
+  grafana-data:
+
+services:
+
+  loki:
+    image: grafana/loki:{{ loki_version }}
+    container_name: loki
+    ports:
+      - "{{ loki_port }}:{{ loki_port }}"
+    volumes:
+      - {{ monitoring_dir }}/loki/config.yml:/etc/loki/config.yml:ro
+      - loki-data:/loki
+    command: -config.file=/etc/loki/config.yml
+    networks:
+      - logging
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:{{ loki_port }}/ready || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 20s
+    deploy:
+      resources:
+        limits:
+          cpus: '{{ loki_cpu_limit }}'
+          memory: {{ loki_memory_limit }}
+    restart: unless-stopped
+
+  promtail:
+    image: grafana/promtail:{{ promtail_version }}
+    container_name: promtail
+    volumes:
+      - {{ monitoring_dir }}/promtail/config.yml:/etc/promtail/config.yml:ro
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    command: -config.file=/etc/promtail/config.yml
+    networks:
+      - logging
+    depends_on:
+      loki:
+        condition: service_healthy
+    deploy:
+      resources:
+        limits:
+          cpus: '{{ promtail_cpu_limit }}'
+          memory: {{ promtail_memory_limit }}
+    restart: unless-stopped
+
+  grafana:
+    image: grafana/grafana:{{ grafana_version }}
+    container_name: grafana
+    ports:
+      - "{{ grafana_port }}:3000"
+    volumes:
+      - grafana-data:/var/lib/grafana
+    environment:
+      - GF_AUTH_ANONYMOUS_ENABLED=false
+      - GF_SECURITY_ADMIN_USER={{ grafana_admin_user }}
+      - GF_SECURITY_ADMIN_PASSWORD={{ grafana_admin_password }}
+    networks:
+      - logging
+    depends_on:
+      loki:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:3000/api/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    deploy:
+      resources:
+        limits:
+          cpus: '{{ grafana_cpu_limit }}'
+          memory: {{ grafana_memory_limit }}
+    restart: unless-stopped

ansible/roles/monitoring/templates/loki-config.yml.j2

@@ -0,0 +1,44 @@
+auth_enabled: false
+
+server:
+  http_listen_port: {{ loki_port }}
+  grpc_listen_port: 9096
+  log_level: info
+
+common:
+  instance_addr: 127.0.0.1
+  path_prefix: /loki
+  storage:
+    filesystem:
+      chunks_directory: /loki/chunks
+      rules_directory: /loki/rules
+  replication_factor: 1
+  ring:
+    kvstore:
+      store: inmemory
+
+schema_config:
+  configs:
+    - from: {{ loki_schema_from }}
+      store: tsdb
+      object_store: filesystem
+      schema: {{ loki_schema_version }}
+      index:
+        prefix: index_
+        period: 24h
+
+limits_config:
+  retention_period: {{ loki_retention_period }}
+  allow_structured_metadata: true
+  volume_enabled: true
+
+compactor:
+  working_directory: /loki/compactor
+  compaction_interval: 10m
+  retention_enabled: true
+  retention_delete_delay: 2h
+  retention_delete_worker_count: 150
+  delete_request_store: filesystem
+
+analytics:
+  reporting_enabled: false

ansible/roles/monitoring/templates/promtail-config.yml.j2

@@ -0,0 +1,31 @@
+server:
+  http_listen_port: {{ promtail_port }}
+  grpc_listen_port: 0
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  - url: http://loki:{{ loki_port }}/loki/api/v1/push
+
+scrape_configs:
+  - job_name: docker
+    docker_sd_configs:
+      - host: unix:///var/run/docker.sock
+        refresh_interval: 5s
+        filters:
+          - name: label
+            values: ["logging=promtail"]
+    relabel_configs:
+      - source_labels: [__meta_docker_container_name]
+        regex: '/(.*)'
+        target_label: container
+
+      - source_labels: [__meta_docker_container_label_app]
+        target_label: app
+
+      - target_label: job
+        replacement: docker
+
+      - source_labels: [__meta_docker_container_log_stream]
+        target_label: stream